I can connect to the machine ONLY IF the auth AND +pap AND +chap are omitted in all of the options files.
The connection is refused with any of those authentication options enabled.
If I run pppd from the command line - it says that it cannot find the secrets needed.
I cannot make pppd to print it’s debug messages no matter where I put the debug keyword: /etc/ppp/options or /etc/ppp/options.ser1
With tcp/ip v4.25D + tcp/ip security patch + tcp/ip security patch A everything works OK.
QNX v4.25G
The Security patch is installed:
/bin/login 24060 26Apr2000
/bin/passwd 29880 26Apr2000
/bin/su 26613 23May2000
pppd was not writing it’s debug messages in the /tmp/log/syslog because the /usr/bin/syslogd was started before the /usr/ucb/Tcpip and en1 configuration.
After rectifying this issue I see pppd’s messages in the syslog.
If I omit all authentication options - pppd warns me about “world and/or group writability” of /etc/ppp/pap-secrets. It is (pap-secrets) endeed cmod 666, as well as chap-secrets, but pppd does not warn me about chap-secrets’ excessive file permissions.
When I make /etc/ppp/pap-secrets owned by root, group root, chmod 600 - (still omitting auth options) - the warning does not appear in the syslog.
This, I think, shows that pppddoes see the file, pap-secrets at least.
Why cannot it find the secrets when auth is required?
Only if I put both “auth” and “login” options in /etc/ppp/options file - pppd attempts to authenticate the caller.
Authentication allways fails, no matter what I put as a secret for a given login name. It fails even if “” is set as the secret. (By the way, it is not 100% clear what it is - either “” or " " in the documentation)
I tryed to make an account for “guest” with password == guest. Does not help.
I tryed to copy it’s hashed password from /etc/shadow into pap-secrets file as the secret. Does not help either.
I did not try to use @ symbol in the secret field of the pap-secrets to point to the external file with the secret yet.
I’ve got in touch with the QSSL’s stuff regarding this issue.
The reason for pppd v2.3.5 to deny the authentication requests is that the fourth field in the /etc/ppp/[ch|p]ap-secrets is no longer optional.
There SHOULD be a valid client’s IP (or a hostname).